A vulnerability in the WPA2 protocol allowing attackers to read encrypted information transmitted over Wi-Fi was discovered by Mathy Vanhoef, a post-doctorate researcher at KU Leuven. Due to a flaw in the design of the protocol itself—not a specific vendor implementation—attackers can capture part of the handshake message, and use modified versions of that to trick devices into installing a blank encryption key, a process called "key reinstallation attacks," or KRACKs by Vanhoef.

As this vulnerability does not rely on a specific vendor implementation, practically any device with a specification-compliant implementation of WPA2 is affected. For enterprise Wi-Fi deployments, this can be particularly problematic as fast BSS transition is vulnerable to this attack. In the immediate term, patching client devices is the highest priority. However, wireless routers and access points may require a vendor patch to protect against this vulnerability.

How the attack works

Because of the depth and nuance of this vulnerability, collectively KRACK has 10 CVE identifiers assigned to it. The lynchpin of the vulnerability is the four-way handshake used when a client device attempts to join a protected network. After verifying the Wi-Fi password for the network itself, the encryption key for the session is negotiated. These handshake messages can be captured and manipulated by an attacker, and rebroadcast to a device which proceeds to reinstall the encryption key.

The WPA2 handshake design permits for the possibility of a dropped packet during handshake. Therefore, the third step of the four-way handshake—in which the encryption key is negotiated—may be rebroadcast to the client if the access point has not received an acknowledgement. Per protocol design, the client may receive the encryption key multiple times, and is expected to reinstall that key, resetting the incremental packet transit number ("nonce") and receive reply counter. Attackers can take advantage of this behavior to replay, decrypt, or forge packets.

Naturally, this ability extends to TCP SYN packets, making it possible for attackers to hijack TCP connections, in functionally the same way attackers inject data on unprotected Wi-Fi networks.

Of note, this attack does not allow attackers to recover the network password.

Vanhoef first notified vendors with products he personally tested and found to be vulnerable "around" July 14, 2017. After determining that this was a vulnerability of the protocol, not of a vendor-specific implementation, Vanhoef approached CERT/CC, which in turn notified product vendors on August 28th.

Who is affected

Practically any device capable of sending or receiving a Wi-Fi signal is affected. Because of the nature of the attack, the client device is the target and is, therefore, the highest priority for patching.

In Vanhoef's proof of concept against a phone running Android 6.0, the behavior of wpa_supplicant—a Wi-Fi library used in Android and various Linux distributions—causes the encryption key to be erased from memory after being installed the first time. As such, if an attacker retransmits part of the handshake, the library will reinstall the cleared key, effectively replacing the key with a blank one.

According to Vanhoef, "This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices." He also noted that 41% of Android devices run Android 6.0 or above, where this behavior was introduced. At press time, a patched wpk_supplicant is in testing for Fedora, though no patch has yet been introduced for Ubuntu.

What can be done to mitigate damage

For mobile, particularly Android devices, avoiding connecting to Wi-Fi networks in public places—even if they are protected networks.

It is possible to patch devices in a backward-compatible manner, though distribution of these patches is likely to take time. Check with your product vendors to see if a patch is available or necessary.

Update (from an article by TechRepublic's Conner Forrest) : Security professionals are reminding enterprises that the vulnerability is patchable, and there is currently no publicly-available code to attack this flaw. In a statement to the Verge, Microsoft said that it has already issued a patch for the KRACK vulnerability, and Google has promised a patch in the coming weeks. A Linux patch is also available and a host of other organizations have issued patches as well.

Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays

Related Topics:

About James Sanders

James Sanders is a technology writer for TechRepublic. He covers future technology, including quantum computing, AI, and 5G, as well as cloud, security, open source, mobility, and the impact of globalization on the industry, with a focus on Asia.

Full Bio

James Sanders is a technology writer for TechRepublic. He covers future technology, including quantum computing, AI, and 5G, as well as cloud, security, open source, mobility, and the impact of globalization on the industry, with a focus on Asia.